| github.com/containerd/containerd |
CVE-2026-53488 |
高危 |
v1.7.32 |
1.7.33 |
github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 02:17 修改: 2026-07-03 04:17
|
| github.com/containerd/containerd/v2 |
CVE-2026-53488 |
高危 |
v2.2.4 |
2.0.10, 2.1.9, 2.2.5, 2.3.2 |
github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 02:17 修改: 2026-07-03 04:17
|
| github.com/containerd/containerd/v2 |
CVE-2026-53489 |
高危 |
v2.2.4 |
2.1.9, 2.2.5, 2.3.2 |
github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53489
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 19:16 修改: 2026-07-02 19:33
|
| github.com/containerd/containerd/v2 |
CVE-2026-53492 |
高危 |
v2.2.4 |
2.1.9, 2.2.5, 2.3.2 |
github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53492
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 19:16 修改: 2026-07-02 19:33
|
| github.com/docker/cli |
CVE-2025-15558 |
高危 |
v28.5.1+incompatible |
29.2.0 |
docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-03-04 17:16 修改: 2026-06-30 03:16
|
| github.com/docker/docker |
CVE-2026-34040 |
高危 |
v28.5.1+incompatible |
29.3.1 |
Moby: Moby: Authorization bypass vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
|
| github.com/docker/docker |
CVE-2026-41567 |
高危 |
v28.5.1+incompatible |
|
docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-06-05 02:17 修改: 2026-07-06 13:16
|
| github.com/docker/docker |
CVE-2026-42306 |
高危 |
v28.5.1+incompatible |
|
Moby is an open source container framework. In Docker Engine prior to ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47
|
| github.com/moby/buildkit |
CVE-2026-33747 |
高危 |
v0.25.1 |
0.28.1 |
BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33747
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-03-27 01:16 修改: 2026-06-17 10:38
|
| github.com/moby/buildkit |
CVE-2026-33748 |
高危 |
v0.25.1 |
0.28.1 |
github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33748
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| oras.land/oras-go/v2 |
CVE-2026-50151 |
高危 |
v2.6.0 |
2.6.1 |
oras-go blob upload vulnerable to credential forwarding via unvalidated Location header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50151
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| oras.land/oras-go/v2 |
CVE-2026-50163 |
高危 |
v2.6.0 |
|
`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50163
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| github.com/docker/docker |
CVE-2026-41568 |
中危 |
v28.5.1+incompatible |
|
github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46
|
| github.com/containerd/containerd/v2 |
CVE-2026-47262 |
中危 |
v2.2.4 |
2.0.10, 2.1.9, 2.2.5, 2.3.2 |
github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 19:16 修改: 2026-07-02 19:40
|
| github.com/containerd/containerd/v2 |
CVE-2026-50195 |
中危 |
v2.2.4 |
2.1.9, 2.2.5, 2.3.2 |
github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50195
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 19:16 修改: 2026-07-02 19:43
|
| github.com/containerd/containerd |
CVE-2026-47262 |
中危 |
v1.7.32 |
1.7.33 |
github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 19:16 修改: 2026-07-02 19:40
|
| github.com/docker/docker |
CVE-2026-33997 |
中危 |
v28.5.1+incompatible |
29.3.1 |
moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-03-31 03:15 修改: 2026-06-30 03:18
|
| oras.land/oras-go/v2 |
CVE-2026-50162 |
中危 |
v2.6.0 |
2.6.1 |
oras-go has file store write outside workingDir via symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50162
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| oras.land/oras-go/v2 |
GHSA-vh4v-2xq2-g5cg |
中危 |
v2.6.0 |
2.6.1 |
ORAS Go forwards registry credentials across registry redirects
漏洞详情: https://github.com/advisories/GHSA-vh4v-2xq2-g5cg
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 2026-07-01 21:54 修改: 2026-07-01 21:54
|
| oras.land/oras-go/v2 |
CVE-2026-48978 |
低危 |
v2.6.0 |
2.6.1 |
oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48978
镜像层: sha256:c4c08a8da713f478299f72fc23b4278df95b30dd93ef577fd80865731efeff34
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|